
Download the “certbot-auto” utility

wget https://dl.eff.org/certbot-auto
sudo cp certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
certbot-auto --help

Command to renew the SSL certificate (for a particular domain)

certbot-auto certonly --webroot --webroot-path=/var/www/html -d <domain-name>

Example:

To renew the certificate of the OpenSpecimen site:

certbot-auto certonly --webroot --webroot-path=/var/www/preprod.openspecimen.org/public_html -d www.openspecimen.org

To renew the certificate of the forums site:

certbot-auto certonly --webroot --webroot-path=/var/www/html -d forums.openspecimen.org

Configuring SSL in Nginx

Create a configuration file at ‘/etc/nginx/sites-available/site.conf’. Below is an example template for configuring SSL in Nginx. (The proxy configuration will vary per application/site.)

Example:

server {
        listen 80;
        server_name <host-name>;
        root /var/www/html;
        return 301 https://$host$request_uri;
}

server {
        # The "ssl" parameter is what makes Nginx speak TLS on this port
        listen 443 ssl;
        server_name <host-name>;

        root /var/www/html;
        ssl_certificate <absolute-path-of-cert-file>;
        ssl_certificate_key <absolute-path-of-private-key>;

        ssl_session_timeout 5m;
        # SSLv3, TLSv1 and TLSv1.1 are deprecated and stay disabled;
        # add TLSv1.3 where the Nginx/OpenSSL build supports it
        ssl_protocols TLSv1.2;
        # HIGH:!aNULL:!MD5 with 3DES also excluded
        ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
        ssl_prefer_server_ciphers on;

        # Proxy configuration
        location / {
                proxy_pass http://127.0.0.1:9966;
                proxy_set_header Host $host;
                proxy_redirect off;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        # Serve the certbot --webroot challenge files from "root"
        location ~ /.well-known {
                allow all;
        }
}
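
As an added example (not part of the original page), the shell function below lints a site file for two mistakes that can creep into a template such as the one above: `listen 443` without the `ssl` parameter, and legacy entries in `ssl_protocols`. The function name `audit_nginx_tls` and both sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint an Nginx site file for weak TLS settings.
# Prints one finding per line; returns 1 if anything was found.
audit_nginx_tls() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "ssl" && $2 ~ /^on;?$/ { legacy_ssl_on = 1 }
        $1 == "listen" && /(^|[^0-9])443([^0-9]|$)/ && !/[ \t]ssl[ \t;]/ {
            plain[++np] = NR                    # judged in END
        }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                    printf "%s:%d: legacy protocol %s enabled\n", FILENAME, NR, p
                    bad = 1
                }
            }
        }
        END {
            if (!legacy_ssl_on)                 # older configs use "ssl on;"
                for (i = 1; i <= np; i++) {
                    printf "%s:%d: listen 443 without ssl, TLS is not enabled\n", FILENAME, plain[i]
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample input: a weak server block and a corrected one.
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
server {
    listen 443;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
EOF
cat > "$demo_dir/fixed.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;
}
EOF
audit_nginx_tls "$demo_dir/weak.conf" || echo "weak.conf: findings above"
audit_nginx_tls "$demo_dir/fixed.conf" && echo "fixed.conf: clean"
```

Run it against the real site file before `nginx -t` and reload; a non-zero exit status makes it usable as a deployment gate.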